NET::SSH - to Cisco gear

[chipk]

Hi all, I currently use Net::Telnet::Cisco for management of a lot of my Cisco gear. I've been thinking about enabling ssh only for remote management to tighten security; this would obviously kill all of my Net::Telnet::Cisco programs.

Has anyone gone from using Net::Telnet::Cisco (or even just Net::Telnet) to Net::SSH? Is it very different? Can I expect similar functionality? Thanks,

 

[netman4u]

chipk,

I will be doing the same thing here where I am as soon as I get SSH access to the devices. It works the same as telnet from the command line and the net admin here tells me encryption/security is handled by TACAS and it will be invisible to my script.

We shall see.

Nick

If at first you don't succeed, don't try skydiving.

 

[chipk]

Yeah, I got SSH set up one of my switches and will be trying to port my scripts over to net::ssh from net::telnet::cisco. I'll post any results I get as well. Thanks,

 

[chipk]

Based on what I'm seeing, I don't think it's going to work as expected. The probelm I'm having is that net::ssh does not allow you to specify a password. I guess it's supposed to use the stored key from the initial session to re-setup the connection.

 

[netman4u]

It was my understanding that TACAS was supposed to perform the authorization. I will see as well.

If at first you don't succeed, don't try skydiving.

 

[chipk]

Ah, well, this may be helpful information for you or someone else, but it appears that net::ssh:erl DOES allow you to supply password, but net::ssh does not. Only, I tried installed net::ssh:erl through ppm and a lot of stuff does not appear to be available from ActiveState. Apparently, it has something to do with export laws covering encryption software. I found that adding the repository for the University of Winnipeg made the packages I needed available:

rep add

http://theoryx5.uwinnipeg.ca/ppms

 

[netman4u]

No it is not available through activestate.

I tried to use nett::ssherl on my Solaris server and it requires a TON of libraries, packages and dependant modules to be installed. If you are going to use it, during the install only choose the encryption method you are going to use, not all.

If at first you don't succeed, don't try skydiving.

 

[chipk]

Darn, wish I knew that before I started messing around, probably should have asked someone before I just selected All. My PPM seems to be totally screwed now. I tried to install and it started scrolling what looked like the contents of a script, then PPM just closed. Now it craps out if I try to install anything. I've completely uninstalled Perl from my system and I plan on reinstalling it tomorrow to see if I can get this to work.

 

[chipk]

Hey netman, have you had any luck with this? I seem to be having issues just getting simple commands to execute. There's probably something simple that I'm missing because pretty much this exact syntax works fine with Net::Telnet::Cisco. My code looks like this:

    use Net::SSH::Perl;
    my $ssh = Net::SSH::Perl->new('hostname');
    $ssh->login('uuuuuuu', 'ppppppp');
    @out = $ssh->cmd("show clock\n");
    print @out;

I know I'm at least hitting the device, because if I supply a bad password and log into the device with console logging, I get bad ssh password events. If I just run this from command line, I get a blinking cursor and finally no output. Weird.

 

[chipk]

I got this to work after changing some syntax AND removing from my IOS where I was accepting only SSH Ver 2. Apparently, Cisco's SSH v2 implementation sucks and is not compatible with the OpenSSH standard. As soon as I took that out, this started working.

use strict;
use warnings;
use Net::SSH::Perl;
my $ssh = Net::SSH::Perl->new('hostname');
$ssh->login('uuuuuu', 'sshtest');
my($out) = $ssh->cmd("show clock");
print $out;

Output displayed correctly:

C:\scripts\perl\SSH>shoclock.pl

13:52:07.304 EDT Thu Oct 26 2006